The sheer number of cyber incidents being experienced by the small to medium business (SMB) sector has been exposed in a new report from security specialist Sectigo.
Sectigo’s ‘State of Website Security and Threat” report revealed that 40 percent of SMBs surveyed are being attacked on a monthly basis.
And the Sectigo study also found that 50 percent of SMBs have experienced a website breach at some point in time.
The fact that 40 percent of respondents have reported they are being attacked on a monthly basis, is sobering news for the sector, and should encourage SMB management teams to sufficiently fund their cyber defences going forward.
It seems that malware injection, data breaches, and brute force login attempts are the principle attack vectors.
Indeed, the Sectigo survey also found that 20 percent of respondents have experienced a breach in the past year alone, despite nearly three-fourths believe their companies are mitigating risks effectively.
This clearly demonstrates the “perception gap” that can exist in some organisations.
Sectigo for its ‘State of Website Security and Threat Report’ surveyed more than 1,100 website security decision makers at companies with fewer than 500 employees, in November last year.
The survey also identified a worrying attitude, as a significant number of businesses do not feel they are vulnerable to online threats.
Indeed, 48 percent of respondents indicated their business is “too small to be the target” of an attack.
And 73 percent of respondents believe they are effectively mitigating risks.
The survey also revealed that the majority of SMBs don’t believe they are vulnerable to online threats unless they have recently experienced an attack.
Indeed, the survey found that 58 percent of SMBs who have recently experienced a breach feel their business is “vulnerable” or “very vulnerable,” compared to 30 percent of those who have not recently had a breach considering their business to be “vulnerable” or “very vulnerable.”
And the real world consequences of a breach have been highlighted in the study, which found that only 3 percent of respondents claimed “no impact” to their business due to the breach.
However 28 percent reported “severe” or “very severe” consequences stemming from a cyberattack – with 60 percent experiencing a website outage and more than a third incurring revenue loss.
The good news is that SMBs are utilising a number of tools and strategies to combat this cyber threat, with malware scanning and remediation, firewalls, and website backup tools being the most common website security technologies SMBs use to protect their websites.
The survey found that 94 percent of SMBs surveyed already use at least one type of security product or service to protect their websites, and 37 percent attacked in the past year concede that they had some form of website security in place at the time.
This reinforces the point that organisations often need improved or increased website security, and need to adopt a layered security approach of using multiple defences.
And going forward, the threat landscape is only going to increase the security risks facing the SMB community.
However, this increasing risk of attack frequency and severity have resulted in many SMBs opting to increase their security spending.
The survey found that 81 percent of respondents believe cyberattacks will become more sophisticated, and 75 percent believe attacks will occur more frequently in 2021.
More than 72 percent of respondents say they collect or store sensitive data through their website, and half say that a website outage would have a serious impact on their business.
“As SMBs increasingly digitize their operations, their websites become mission-critical for communicating with customers and conducting business,” explained Michael Fowler, president of partners and channels at Sectigo. “No business is too small a target.”
“Attacks continue to evolve, and hackers are increasingly resourceful, making it critical for SMBs to invest in multi-layered solutions that stay ahead of ever-changing threats,” added Fowler.
The Sectigo study found that 60 percent of SMBs currently spend $500/month or less on website security, with nearly half of all respondents planning to increase website security spending in 2021.
The survey also found that businesses that have not experienced a recent breach, plan to make modest increases, while those that suffered a breach in 2020 expect to boost their spending by nearly 30 percent in 2021 (from 31 percent to 40 percent of their overall website budget).
“Companies are advancing their security posture are taking a wise step toward protecting their brand, data, and revenues by warding off website outages, ransomware, and more,” said Jonathan Skinner, chief marketing officer at Sectigo.
“While security spending increases are promising for SMBs, businesses must be thinking beyond their SSL certificates,” said Skinner. “Today’s automated, all-in-one web security suites are helping SMBs tackle website monitoring, remediation, performance, and recovery with little effort, ensuring business continuity,” Skinner concluded.